diff options
| author | Amaury Couderc <amaury.couderc@est.tech> | 2026-02-09 15:21:48 +0100 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2026-02-27 17:45:06 +0000 |
| commit | 49dc4dd983e7a9b502fbee2cf9f2aad5aa4e211f (patch) | |
| tree | c09257007a4799d7ccc88bbbfe56c04619a28e65 /meta/recipes-connectivity | |
| parent | 0d954471b5e161db24547eff3b503ceeebb29512 (diff) | |
| download | poky-49dc4dd983e7a9b502fbee2cf9f2aad5aa4e211f.tar.gz | |
avahi: patch CVE-2025-68471
(From OE-Core rev: bfd12b872d922116c1a793cd9debb5ee773bfeaf)
Signed-off-by: Amaury Couderc <amaury.couderc@est.tech>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 5ec4156330c765bc52dbce28dbba6def9868d30f)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-connectivity')
| -rw-r--r-- | meta/recipes-connectivity/avahi/avahi_0.8.bb | 1 | ||||
| -rw-r--r-- | meta/recipes-connectivity/avahi/files/CVE-2025-68471.patch | 36 |
2 files changed, 37 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/avahi/avahi_0.8.bb b/meta/recipes-connectivity/avahi/avahi_0.8.bb index 34d95f48cd..d349831f16 100644 --- a/meta/recipes-connectivity/avahi/avahi_0.8.bb +++ b/meta/recipes-connectivity/avahi/avahi_0.8.bb | |||
| @@ -39,6 +39,7 @@ SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/avahi-${PV}.tar.gz \ | |||
| 39 | file://CVE-2024-52615.patch \ | 39 | file://CVE-2024-52615.patch \ |
| 40 | file://CVE-2025-68276.patch \ | 40 | file://CVE-2025-68276.patch \ |
| 41 | file://CVE-2025-68468.patch \ | 41 | file://CVE-2025-68468.patch \ |
| 42 | file://CVE-2025-68471.patch \ | ||
| 42 | " | 43 | " |
| 43 | 44 | ||
| 44 | GITHUB_BASE_URI = "https://github.com/avahi/avahi/releases/" | 45 | GITHUB_BASE_URI = "https://github.com/avahi/avahi/releases/" |
diff --git a/meta/recipes-connectivity/avahi/files/CVE-2025-68471.patch b/meta/recipes-connectivity/avahi/files/CVE-2025-68471.patch new file mode 100644 index 0000000000..210565cdd6 --- /dev/null +++ b/meta/recipes-connectivity/avahi/files/CVE-2025-68471.patch | |||
| @@ -0,0 +1,36 @@ | |||
| 1 | From 4e84c1d6eb2f54d1643bd7ce62817c722ca36d25 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Hugo Muis <198191869+friendlyhugo@users.noreply.github.com> | ||
| 3 | Date: Sun, 2 Mar 2025 18:06:24 +0100 | ||
| 4 | Subject: [PATCH] core: fix DoS bug by changing assert to return | ||
| 5 | |||
| 6 | Closes https://github.com/avahi/avahi/issues/678 | ||
| 7 | |||
| 8 | CVE: CVE-2025-68471 | ||
| 9 | |||
| 10 | Upstream-Status: Backport | ||
| 11 | [https://github.com/avahi/avahi/commit/9c6eb53bf2e290aed84b1f207e3ce35c54cc0aa1] | ||
| 12 | |||
| 13 | Signed-off-by: Amaury Couderc <amaury.couderc@est.tech> | ||
| 14 | --- | ||
| 15 | avahi-core/browse.c | 5 ++++- | ||
| 16 | 1 file changed, 4 insertions(+), 1 deletion(-) | ||
| 17 | |||
| 18 | diff --git a/avahi-core/browse.c b/avahi-core/browse.c | ||
| 19 | index 2941e57..86e4432 100644 | ||
| 20 | --- a/avahi-core/browse.c | ||
| 21 | +++ b/avahi-core/browse.c | ||
| 22 | @@ -320,7 +320,10 @@ static int lookup_start(AvahiSRBLookup *l) { | ||
| 23 | assert(l); | ||
| 24 | |||
| 25 | assert(!(l->flags & AVAHI_LOOKUP_USE_WIDE_AREA) != !(l->flags & AVAHI_LOOKUP_USE_MULTICAST)); | ||
| 26 | - assert(!l->wide_area && !l->multicast); | ||
| 27 | + if (l->wide_area || l->multicast) { | ||
| 28 | + /* Avoid starting a duplicate lookup */ | ||
| 29 | + return 0; | ||
| 30 | + } | ||
| 31 | |||
| 32 | if (l->flags & AVAHI_LOOKUP_USE_WIDE_AREA) { | ||
| 33 | |||
| 34 | -- | ||
| 35 | 2.43.0 | ||
| 36 | |||